CVE-2019-6690
Description
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a CWE-20: Improper Input Validation issue affecting the affect functionality component.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
21.434
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-6690 are fixed in Python-python-gnupg 0.4.4 | Windows |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python-gnupg_0.4.1-1ubuntu1.18.04.1_all.deb | Linux |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python-gnupg_0.4.1-1ubuntu1.18.10.1_all.deb | Linux |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python-gnupg_0.4.3-1ubuntu1.19.04.1_all.deb | Linux |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python3-gnupg_0.4.1-1ubuntu1.18.04.1_all.deb | Linux |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python3-gnupg_0.4.1-1ubuntu1.18.10.1_all.deb | Linux |
| Python wrapper for the GNU Privacy Guard (USN-3964-1) python3-gnupg_0.4.3-1ubuntu1.19.04.1_all.deb | Linux |
| Vulnerabilities CVE-2019-6690 are fixed in Python-python-gnupg for linux 0.4.4 | Linux |
| Improper Input Validation Vulnerability (CVE-2019-6690) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234